8.2 Flashcards
After obtaining an understanding of internal control for the audit of a nonissuer’s financial statements, an auditor decided not to perform tests of controls. The auditor most likely decided that
Performing only substantive procedures would effectively reduce audit risk to an acceptably low level.
The assessment of risks is a basis for choosing the audit approach. A substantive audit approach is based only on substantive procedures. A combined audit approach applies tests of controls and substantive procedures. For example, the risk assessment procedures may not identify effective controls for the relevant assertion, or testing controls may be inefficient, e.g., because client documentation is not available. The result is that controls are not a factor in the risk assessment. In these cases, if the auditor adopts the substantive audit approach, (s)he needs to be satisfied that it will be effective in reducing audit risk to an acceptable level. For example, the substantive audit approach may not be feasible when the processing of routine transactions is highly automated with little manual intervention. In this case, the combined audit approach is chosen.
What is the most likely course of action that an auditor would take after determining that performing substantive procedures on inventory will take less time than performing tests of controls?
Perform only substantive procedures on inventory.
According to AU-C 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained, the auditor may in some cases perform only substantive procedures and exclude the effect of controls from the relevant risk assessment. For example, (1) testing the operating effectiveness of controls may be inefficient, or (2) risk assessment procedures may not have identified effective controls relevant to the assertions. In these cases, the auditor does not intend to rely on controls.
A senior auditor conducted a dual-purpose test on a client’s invoice to determine whether the invoice was approved and to ascertain the amount and other terms of the invoice. Which of the following lists two tests that the auditor performed?
Test of controls and test of details.
Dual-purpose testing involves performing (1) a test of details and (2) a test of controls on the same transaction. Tests of controls are used to determine whether controls are operating effectively. Determining whether the invoice was approved verifies that the control was effective. Ascertaining the amount and terms of the invoice is used to detect material misstatements in financial statement assertions, which is a test of details.
In parallel simulation, actual client data are reprocessed using an auditor software program. An advantage of using parallel simulation, instead of performing tests of controls without a computer, is that
The size of the sample can be greatly expanded at relatively little additional cost.
Parallel simulation uses a controlled program to reprocess sets of client transactions and compares those results with those of the client. The primary disadvantages are the initial cost of obtaining the software and the need for coordination with client personnel to gain access to transactions. However, the auditors have the freedom to process transactions (1) at their convenience, (2) using their own equipment, and (3) taking as long as necessary. Thus, the auditors can greatly increase the sample size at relatively little marginal cost.
When the operating effectiveness of a control is not evidenced by written documentation, an auditor should obtain evidence about the control’s effectiveness by
Inquiry and other procedures such as observation.
Tests of controls evaluate their operating effectiveness. However, for some controls, documentation may not be available or relevant. For example, documentation of operation may not exist for (1) some factors in the control environment, such as assignment of authority and responsibility, or (2) some controls, such as computer controls. In such cases, evidence about effectiveness of operation may be obtained through inquiry combined with other procedures, e.g., observation or computer-assisted audit techniques.
After obtaining an understanding of internal control and assessing the risks of material misstatement in a financial statement audit, an auditor decided to perform tests of controls. The auditor most likely decided that
It would be efficient to perform tests of controls that would result in a reduction in substantive procedures.
The auditor may rely on the operating effectiveness of controls in determining the nature, timing, and extent of substantive procedures. Thus, the auditor should weigh the cost of performing tests of controls against the expected savings from devoting less audit effort to substantive testing.
Which of the following explanations best describes why an auditor may decide to reduce tests of details for a particular audit objective?
Analytical procedures have revealed no unusual or unexpected results.
Analytical procedures performed as risk assessment procedures provide a basis for assessing the risks of material misstatement. When those procedures do not identify unusual transactions or events or amounts, ratios, and trends with audit significance, the assessment of the RMMs is lower. The lower assessment may justify reducing tests of details.
In a computerized payroll system environment, an auditor is least likely to use test data to test controls related to
Proper approval of overtime by supervisors.
Approval of overtime by supervisors most likely entails initialing of time cards. Inspection by the auditor is the appropriate test of this control.
After obtaining an understanding of internal control, an auditor of a nonissuer’s financial statements may place no reliance on controls for some assertions because the auditor
Believes the controls are unlikely to be effective.
The assessment of risks is a basis for choosing the audit approach. A substantive audit approach is based only on substantive procedures. A combined audit approach applies tests of controls and substantive procedures. For example, the risk assessment procedures may not identify effective controls for the relevant assertion, or testing controls may be inefficient, e.g., because client documentation is not available. The result is that controls are not a factor in the risk assessment. In these cases, if the auditor adopts the substantive audit approach, (s)he needs to be satisfied that it will be effective in reducing audit risk to an acceptable level. For example, the substantive audit approach may not be feasible when the processing of routine transactions is highly automated with little manual intervention. In this case, the combined audit approach is chosen.
Which of the following procedures concerning accounts receivable is an auditor most likely to perform to obtain evidence in support of the effectiveness of controls?
Observing an entity’s employee prepare the schedule of past due accounts receivable.
To test the effectiveness of controls, an auditor performs procedures such as inquiry, observation, inspection, recalculation, and reperformance of a control. Thus, observing an entity’s employee prepare the schedule of past due accounts receivable provides evidence of the effectiveness of certain controls over accounts receivable.
Which of the following statements concerning the parallel simulation approach when testing a computerized accounting system is false?
Transactions are reprocessed only by the client’s computer programs.
Parallel simulation is a test of the controls in a client’s application program. An auditor-developed program, not the client’s program, is used to process actual client data and compare the outputs and exceptions report with those of the client’s application program. If the client’s programmed controls are operating effectively, the two sets of results should be reconcilable.
When assessing the risks of material misstatement at a low level, an auditor is required to document the auditor’s
An understanding of the entity’s control environment:
Overall responses to assessed risks:
Yes
Yes
The understanding of the components of internal control, including the control environment, should be documented regardless of the degree of risk (AU-C 315). The overall responses to the assessed RMMs at the financial statement level also should be documented (AU-C 330).
When an auditor tests the internal controls of a computerized system, which of the following is true of the test data approach?
Test data are processed with the client’s computer and the results are compared to the auditor’s predetermined results.
The test data are processed by the client’s computer programs under the control of the auditor. These results are then compared to the auditor’s expectations.
A nonissuer audit client failed to maintain copies of its procedures manuals and organizational flowcharts. What should the auditor do in an audit of financial statements?
Adopt a substantive audit approach.
The assessment of risks is a basis for choosing the audit approach. A substantive audit approach is based only on substantive procedures. A combined audit approach applies tests of controls and substantive procedures. For example, the risk assessment procedures may not identify effective controls for the relevant assertion, or testing controls may be inefficient, e.g., because client documentation is not available. The result is that the effect of controls is excluded from the risk assessment. In these cases, if the auditor adopts the substantive audit approach, (s)he needs to be satisfied that it will be effective in reducing audit risk to an acceptable level. For example, the substantive audit approach may not be feasible when the processing of routine transactions is highly automated with little manual intervention. In this case, the combined audit approach is chosen. Moreover, the auditor should design and perform some substantive procedures for all relevant assertions related to each material transaction class, account balance, or disclosure regardless of the assessment of the RMMs or the choice of audit approach.
Which of the following is true related to the auditor’s consideration of controls?
Misstatements detected by the auditor’s substantive procedures should be considered when testing the effectiveness of related controls.
Misstatements detected by the auditor’s substantive procedures should be considered when testing the effectiveness of related controls. The auditor may need to assess the RMMs at a higher level if fraud or error is detected that should have been detected by the entity’s controls.